Saturday, November 24, 2018

On November 12th, when auditing the
search results for open/exposed Elasticsearch databases with
Binaryedge.io platform, we have
found what appeared to be a collection of personal records compiled
by FIESP, the Federation of Industries of the State
of São Paulo. FIESP is the largest class entity in the Brazilian
industry. It represents about 130 thousand industries in various
sectors, of all sizes and different production chains, distributed in
131 employers’ unions.

Records were stored in Elasticsearch with
the total count of 180,104,892.

[…]

The largest collection of data (FIESP
collection) had 34,817,273 personal records with exposed info like:

name

personal ID number (RG number)

taxpayer registry identification (CPF)

sex

date of birth

full address

email

phone number

Read more on Hackenproof.com.

As has happened waaaaay too many times to Bob and others, including
yours truly, he had difficulty making notification.

But when notification was finally made after
someone on Twitter got thru to FIESP, it was not received as one
might hope. Angelica Mari of ZDNet reported
today that:

FIESP said it is “investigating the
alleged access to its database by a company that claims to work in
digital security,” but it has pretty much denied that anything
serious has happened at all.

The trade body argued that the databases
Hacken Proof is talking about didn’t contain sensitive information
or passwords and that “so far, there is no news that any personal
information from the database has been exposed.”

“FIESP contacted [Hacken Proof], who
said it had not made the data public and subsequently destroyed the
information that it claims to have had access to. [Hacken Proof]
also stated that its objective was to expose possible vulnerabilities
to prevent potential leaks.”

After an initial investigation the company said
that it believed on the “balance of probabilities” that “data
relating to our clients, placement agencies, applicants, references
and our employees” was
accessed during the breach.

Data that it believed may have been vulnerable
included the personal details of employees of PageUp customers,
details of job applications lodged with the company’s customers,
and employment reference information.

PageUp said though there was no
evidence that data had been exfiltrated. [Note
that this is somewhat different than saying, “there was evidence that
the data was not exfiltrated.” Perhaps they kept no records (logs)
of data movement. Bob]

The question should have been asked and answered
prior to implementing the new meters. The same for any IoT device.
If it was, why not mention that as part of the release? If it was
not, are you ready for the lawsuits?

As
utility companies across the state roll out new Internet-connected
electrical meters, Smithfield Township supervisors are calling on
Met-Ed to show how they’re protecting customers’ information.
The Board of Supervisors penned a letter this week to FirstEnergy
Corp., Met-Ed’s parent company, and state regulatory officials
asking what protections are in place to keep private consumer data
from unwanted eyes.

“What
limits have been placed on data collection and permissions for data
collection beyond monthly billing cycle totals?” it says in the
letter, dated Nov. 14, to FirstEnergy’s president, regional
president, state president, the state Office of Consumer Advocates
and the Pennsylvania Public Utility Commission. “The notice sent
to our residents makes no mention of this, yet it is of prime
concern to us in order to protect and secure data of our residential
households.”

Hackers are offering Black Friday
discounts for stolen credit card details being bought and sold on the
dark web as they seek to cash in on an online shopping bonanza.

Security experts including the FBI, the
UK’s cyber defence agency and online security firms have warned of
a wave of hacking and fraud as criminals exploit Britain’s biggest
weekend of online shopping across Black Friday and Cyber Monday.

Facebook
has appealed its
500,000-pound ($644,000) fine for failing to protect the privacy
of its users in the Cambridge Analytica scandal, arguing that U.K.
regulators failed to prove that British users were directly affected.

… "Their
reasoning challenges some of the basic principles of how people
should be allowed to share information online, with implications
which go far beyond just Facebook, which is why we have chosen to
appeal," said Facebook lawyer Anna Benckert in a statement.
"For example, under ICO's theory people should not be allowed to
forward an email or message without having agreement from each person
on the original thread. These are things done by millions of people
every day on services across the internet."

This could be an interesting source of privacy
horror stories. Stay tuned.

A Thai government official on Wednesday defended a
sweeping cybersecurity bill which experts have decried for allowing
the wholesale seizure of private computers and property, saying that
"every country has a need" to protect itself.

… In rare comments hitting out at the
government, a senior judge at the Thai Appeals Court condemned the
bill, calling it redundant.

"This law ignores the people's rights and
freedom," said Sriamporn Saligupta.

"If the next government is not good and uses
this as a tool, we will no longer have privacy rights."

The President and his minions are correct in their
assumption that people are more interested in shopping and feasting
than in worrying about the future. Much harder to change that than
asking the President to change his mind. Maybe.

The bombshell report, which warns of large-scale
climate disasters if the U.S. continues down the track it's headed,
was released without much rollout midday Friday.

Known as Black Friday, it's a day in which people
are likely more concerned with shopping than national affairs. Late
Friday in general is famous in Washington for being a "news
dump," in which an administration quietly releases
less-than-optimal news.

The following is not your typical breach
notification. It relates to a situation in which a business
associate allegedly refuses to return the patient database despite
its EULA and HIPAA obligation. The press release does not indicate
whether the covered entity, Key Dental Group, is suing its former
vendor to recover the database. Nor does it indicate how many
patients have data in the database in question. DataBreaches.net has
sent inquiries both to Key Dental Group and to the vendor, MOGO, to
ask for more information and in MOGO’s case, their response to Key
Dental Group’s allegations, but has received no replies as yet.

At first blush, the allegations and situation
described below are reminiscent of a controversy
between Texas and Xerox that I had reported on in 2014. This
post will be updated if and when DataBreaches.net receives any
replies to inquiries.

According to a comprehensive new report
from Datto, ransomware continues to be the leading form of cyber
attack experienced by small- and medium-sized businesses (SMBs).

… As businesses continue to adopt a
head-in-the-sand mentality about ransomware infections, one thing is
clear: these attacks have the potential to cripple any organization
that has not put the proper
backup and recovery plan into place. Revenue lost to
downtime can cripple a small business, and lost productivity or time
that is spent offline can have serious financial implications.

… Moreover, suggests Datto, SMBs should think
about having a business
continuity & disaster recovery (BCDR) solution in
place. This would help a business recover from an attack within a
short period of time, even in as little as 24 hours, without the risk
of significant business downtime that could cripple an organization.

Online payment fraud losses will reach $48 billion
annually by 2023, up from the $22 billion in losses projected for
2018, a new study from Juniper Research has found.

Juniper’s
new research claims that a critical driver behind losses from
eCommerce, airline ticketing, money transfer and banking services
will be “the continued high level of data breaches resulting in the
theft of sensitive personal information.”

Synthetic identity fraud is on
the rise, researchers found. Fraudsters are using fragments of real
data gleaned from breaches to create new, synthetic identities, as
they slowly move away from pure identity theft.

… “When criminals use a blend of different
people’s data, as well as some entirely made up information, it
becomes harder for law-enforcement officials to both realize the
crime and then locate the culprit,” he is quoted as saying.

The activities of attorneys and the activities of
hackers are not as different as you might expect, if you define
hackers as creative, unconventional problem solvers.

Each explores vast spaces of complicated systems,
looking to see how they work, both in ways intended and unintended,
and to see what they can be made to do.

In general, the law typically does not keep up
with changes in society or technology. As a result, lawyers often
must formulate new and innovative ways to address difficult legal
problems by using and combining existing legal tools in new ways.

Perspective. Clearly cash will become
increasingly rare, so I’m going to start collecting US currency. I
will pay you up to 30 cents for a $100 bill, depending on condition.

Few countries have been moving
toward a cashless society as fast as Sweden. But cash is being
squeezed out so quickly — with half the nation’s retailers
predicting they will stop accepting bills before 2025 — that the
government is recalculating the societal costs of a cash-free future.

The financial authorities, who once embraced the
trend, are asking banks
to keep peddling notes and coins until the government can figure
out what going cash-free means for young and old consumers. The
central bank, which predicts cash may fade from Sweden, is testing a
digital
currency — an e-krona — to keep firm control of the money
supply. Lawmakers are exploring the fate of online payments and bank
accounts if an electrical grid fails or servers are thwarted by power
failures, hackers or even war.

… Ask most people in Sweden how often they pay
with cash, and the answer is “almost never.” A fifth of Swedes,
in a country of 10 million people, do not use automated teller
machines anymore. More than 4,000 Swedes have implanted
microchips in their hands, allowing them to pay for rail travel
and food, or enter keyless offices, with a wave. Restaurants, buses,
parking lots and even pay toilets depend on clicks rather than cash.

Thursday, November 22, 2018

Krebs gives a full description of the technique used. Sometimes you
have to connect with the right person to get a response, or be like
Krebs who can tell a large audience about your poor security
management.

U.S.
Postal Service just fixed a security weakness that
allowed anyone who has an account at usps.com
to view account details for some 60 million other users, and in some
cases to modify account details on their behalf.

KrebsOnSecurity was contacted last week
by a researcher who discovered the problem, but who asked to remain
anonymous. The researcher said he
informed the USPS about his finding more than a year ago yet never
received a response. After confirming his findings, this
author contacted the USPS, which promptly addressed the issue.

Is the idea to guide citizens to good behavior,
like a parent rewarding or scolding a child? Or is the idea to
protect the state by identifying non-conformists and limiting their
interactions? How difficult would it be to do this here, but not
make it public? Perhaps controlled by the Citizens Information
Agency (CIA).

China’s plan to judge each of its 1.3 billion
people based on their social behavior is moving a step closer to
reality, with Beijing set to adopt a lifelong points program by 2021
that assigns personalized ratings for each resident.

… The Beijing project will improve blacklist
systems so that those deemed untrustworthy will be “unable to move
even a single step,” according to the government’s plan.

… By the end of May, people with bad credit in
China have been blocked from booking more than 11 million flights and
4 million high-speed train trips, according to the National
Development and Reform Commission.

… The tracking of individual behavior in China
has become easier as economic life moves online, with apps such as
Tencent’s WeChat and Ant Financial’s Alipay a central node for
making payments, getting loans and organizing transport. Accounts
are generally linked to mobile phone numbers, which in turn require
government IDs.

The final version of China’s national social
credit system remains uncertain. But as rules forcing social
networks and internet providers to remove anonymity get increasingly
enforced and facial recognition systems become more popular with
policing bodies, authorities are likely to find everyone from
internet dissenters to train-fare skippers easier to catch -- and
punish -- than ever before.

This seems prudent with everyone trying to
redefine monopoly to look just like large tech companies.

… Qwant
is even getting official support. Last month the French army and
parliament both said they would drop Google and use Qwant as their
default search engine, as part of efforts to reclaim European
"digital sovereignty."

… Walshe
likes Startpage's new "anonymous view" feature, which goes
a step further and lets users visit websites anonymously, so they
won't be exposed to tracking by websites even after clicking a search
result.

I guess I’m still a nerd. This is very cool.
Probably not enough to push a 747, but drones for sure, maybe even
sailplanes.

… But Barrett and his team figured out three
main things to make Version 2 work. The first was the ionic wind
thruster design. Version 2’s thrusters consist of two rows of long
metal strands draped under its sky blue wings. The front row
conducts some 40,000 volts of electricity—166 times the voltage
delivered to the average house, and enough energy to strip the
electrons off ample nitrogen atoms hanging in the atmosphere.

When that happens, the nitrogen atoms turn into
positively charged ions. Because the back row of metal filaments
carries a negative charge, the ions careen toward it like magnetized
billiard balls. “Along the way, there are millions of collisions
between these ions and neutral air molecules,” Barrett notes. That
shoves the air molecules toward the back of the plane, creating a
wind that pushes the plane forward fast and hard enough to fly.

It is hard to attempt to draw comparisons to the
situation in the U.S. due to the absence of any one centralized
agency in the U.S. that requires notifications to it (such as the
Information Commissioner’s Office). By looking within states that
have mandatory reporting to the state, we may be able to determine if
reports are increasing over years, but getting actual numbers that
are likely to be reliable seems to be a bit unlikely still.

From the Office of the New York State Comptroller,
this follow-up report on the New York State Education Department
shows ongoing concerns that have not been addressed at all or only
addressed partially:

Do you need some stimulating reading
material for this long holiday weekend? Here’s a great option: the
latest issue of Timothy McSweeney’s Quarterly Concern, The
End of Trust. This is a collection
of essays and interviews about technology, privacy, and surveillance,
featuring many EFF authors—including EFF Executive Director Cindy
Cohn, Special Advisor Cory Doctorow, and board member Bruce Schneier.

The End of Trust is on sale
online
and in bookstores now, but it’s also free to download under a Creative
Commons BY-NC-ND license. In addition to essays from EFFers,
contributors include anthropologist Gabriella Coleman examining
anonymity, Edward Snowden tackling blockchain, and EFF Pioneer Award
winner Malkia Cyril zeroing in on the historical surveillance of
black bodies.

EFF has read and reviewed every piece of
The End of Trust, and it’s a smart, thought-provoking, and
entertaining issue. We are proud to be part of this project, and
hope you enjoy it.

Have they really got the facts straight on this
one? What happens when the rest of the world retaliates?

The
administration of US President Donald Trump is exploring curbing
exports of sensitive technologies including artificial intelligence
for national security reasons, according to a proposal this week.

The
proposal to control sales of certain technologies "essential to
the national security of the United States" comes amid growing
trade friction with Beijing -- and fears that China may overtake the
US in some areas such as artificial intelligence.

The
Commerce Department said in the proposed rules, published Monday,
that it would consider curbs on various AI technologies such as
neural networks and deep learning, computer vision, natural language
processing and audio and video manipulation.

… But
banning AI exports could be counterproductive to US goals, said
Daniel Castro, vice president of the Information Technology and
Innovation Foundation, a Washington think tank.

"If
the US government bans the export of AI technology, other countries
will likely enact reciprocal policies," Castro said.

"It
will mean US companies are locked out of certain markets, allowing
firms in other countries to compete unchallenged."

The FCC’s
plan to fight spam texts could give phone companies more power over
messaging

… In its
announcement, the agency said it plans to formally classify
text messaging as an information service, a legal
distinction it said will be key to battling spam text messages. The
classification, the agency said, will allow phone carriers to
continue to use blocking technology to stop spam messages from
reaching phones.

But some consumer advocates
have pushed for the FCC to instead classify
messaging as a telecommunications service. Without that
classification, groups like Public Knowledge have argued, phone
companies will be able to discriminate against messages, deciding
when and how to deliver texts in ways they say could harm consumers
and free speech.

SoftBank’s Vision Fund is investing an
additional $2 billion in South Korea’s top e-commerce firm Coupang,
the retailer said on Tuesday, as the loss-making startup seeks to
cement its market dominance.

The latest investment follows the $1 billion that
SoftBank invested in Coupang in 2015 and values the eight-year-old
startup at around $9 billion, a source close to Coupang said.

Coupang has since grown rapidly to become the
biggest player in South Korea’s e-commerce market. It clocked 2.7
trillion won ($2.4 billion) in revenue last year, with its online
sales almost as much as the next three largest e-commerce sites in
the country combined, according to research firm Statista.

Another self-driving option I had not considered.
Probably more restful, possibly cheaper, definitely slower.

Tuesday, November 20, 2018

Is the escalation from theft to industrial espionage to military
espionage and no higher? Apparently, this is not a path to cyberwar,
so feel free to hack all you like? With minimal downside, anything
hackers can steal is virtually pure profit.

China
has sharply escalated cyberattacks on Australian companies this year
in a "constant, significant effort" to steal intellectual
property, according to a report published Tuesday.

The
investigation by Fairfax Media and commercial broadcaster Channel
Nine comes just days after US Vice President Mike Pence accused
Beijing at the APEC summit of widespread "intellectual property
theft".

The
report said China's Ministry of State Security was responsible for
"Operation
Cloud Hopper", a wave of attacks it said were detected by
Canberra and its partners in the "Five Eyes" intelligence
alliance -- the US, Britain, Canada and New Zealand.

An
unnamed senior Australian government official told Fairfax the
activity was "a constant, significant effort to steal our
intellectual property", while other officials
expressed frustration that firms and universities were not tightening
their security.

I have students from India, Africa, all over the
Middle East and even Canada, but no one from the EU, as far as I
know.

Ivanka
Trump used personal account for government business, posing security
risk to White House

During the 2016 presidential election, US
President Donald Trump aggressively went after Hillary Clinton for
using her personal email account and server for official
conversations during her time as US Secretary of State. Two years
later, it is now Ivanka Trump’s turn to take the heat. Or not.

White House ethics officials confirmed she used a
private email account to send official government-related emails last
year, writes
the Washington Post. Ivanka Trump exchanged hundreds of official
emails with assistants, Cabinet officials and White House aides
through a domain shared with her husband, Jared Kushner. The domain
was created in December 2016, before she moved to Washington. Because
the domain was created through a Microsoft system, the emails are
stored by the tech company.

Her actions could be in violation of the
Presidential Records Act, which specifies that White House
Communication must be secured and all data kept in a secure archive
to prevent hacking and mishandling of data. Although her emails were
mostly about personal travel dates and logistical data, some may
still be in violation of federal records legislation, as they
discussed official business and government policies.

“Russia’s meddling in the United States’
elections is not a hoax. It’s the culmination of Moscow’s
decades-long campaign to tear the West apart. “Operation
InfeKtion” reveals the ways in which one of the Soviets’ central
tactics — the promulgation of lies about America — continues
today, from Pizzagate to George Soros conspiracies. Meet the KGB
spies who conceived this virus and the American truth squads who
tried — and are still trying — to fight it. Countries from
Pakistan to Brazil are now debating reality, and in Vladimir Putin’s
greatest triumph, Americans are using Russia’s playbook against one
another without the faintest clue…”

Now eight
parliaments are demanding Zuckerberg answers for Facebook scandals

Facebook’s
founder is facing pressure to accept an invite from eight
international parliaments, with lawmakers wanting to question him
about negative impacts his social network is having on democratic
processes globally.

Last week Facebook declined
an invitation from five of these parliaments.

The elected representatives of Facebook users want
Mark
Zuckerberg to answer questions in the wake of a string of data
misuse and security scandals attached to his platform. The
international parliaments have joined forces — forming a grand
committee — to amp up the pressure on Facebook.

Amid talk of Google as a monopoly, does this
suggest they might have the power to revise the law? Could news
sites expect a 51% or greater reduction in user visits?

The Guardian – Search
engine is lobbying hard to stop proposed tax, aimed at compensating
news publishers – “Google’s top news executive has refused
to rule out shutting down Google
News in EU countries, as the search engine faces a battle with
Brussels over plans to
charge a “link tax” for using news stories. Richard
Gingras, the search engine’s vice-president of news, said while
“it’s not desirable to shut down services” the company was
deeply concerned about the current proposals, which are designed to
compensate struggling news publishers if snippets of their articles
appear in search results. He told the Guardian that the future of
Google News could depend on whether the EU was willing to alter the
phrasing of the legislation. “We can’t make a decision until we
see the final language,” he said. He pointed out the last time a
government attempted to charge Google for links, in 2014 in Spain,
the company responded by shutting down Google News in the country.
Spain passed a law requiring aggregation sites to pay for news links,
in a bid to prop up struggling print news outlets. Google responded
by closing the service for Spanish consumers, which he said
prompted a fall in traffic to Spanish news websites…”

New study
shows Spain’s “Google tax” has been a disaster for publishers

… In the short-term, the study found, the law
will cost publishers €10 million, or about $10.9 million, which
would fall disproportionately on smaller publishers. Consumers would
experience a smaller variety of content, and the law "impedes
the ability of innovation to enter the market."

The study concludes that there's no "theoretical
or empirical justification" for the fee. The full
study (PDF) is available for download; it's in Spanish with an
English-language executive summary.

… Whatever loss of traffic occurs due to
readers who may read a news aggregator and then choose not to read an
entire story, is more than made up for by the "market expansion"
effect, the study found. In other words, given access to a news
aggregator like Google, people read much more news.

The NERA analysis found a 6 percent overall drop
in traffic from the Spanish Google News closure and a 14 percent drop
for smaller publications.

… Research
by one of us (James) links this trend to software. Even outside of
the tech sector, the employment of more software developers is
associated with a greater increase in industry concentration, and
this relationship appears to be causal. Similarly, researchers at
the OECD have found
that markups — a measure of companies’ profits and market power —
have increased more in digitally-intensive industries. And academic
research has found
that rising industry concentration correlates with the
patent-intensity of an industry, suggesting “that the industries
becoming more concentrated are those with faster technological
progress.” For example, productivity has grown dramatically in the
retail sector since 1990; inflation-adjusted sales per employee have
grown by roughly 50%. Economic analysis
finds that most of this productivity growth is accounted for by a few
companies such as Walmart who used information technology to become
much more productive. Greater productivity meant lower prices and
faster growth, leading to increased industry dominance. Walmart went
from a 3% share of the general merchandise retail market in 1982 to
over 50% today.

Microsoft is bringing its
Skype calling service to Amazon’s Alexa-enabled devices this week.
Amazon’s Echo range will be able to access Skype’s basic calling,
and hardware like the Echo Show will also include video calling
support for Skype. This integration also lets Skype users call
mobile and landlines using SkypeOut, and simply call contacts by
saying “Alexa, call Tom on Skype” to activate a call.

Forget the old American campaign slogan of a
chicken in every pot, or the Indian politician’s common pledge to
put rice in every bowl.

Here in the state of Chhattisgarh, the chief
minister, Raman Singh, has promised a smartphone in every home —
and he is using the government-issued devices to reach voters as he
campaigns in legislative elections that conclude on Tuesday.

A court
ruled that judges can be Facebook friends with lawyers because those
are not real friendships

Quartz:
“Florida’s Supreme Court has ruled on something that most social
media users already know: Facebook friendships are not real.
Specifically, the court said in
a Nov. 15 opinion that a Facebook friendship between a judge and
an attorney does not mean the judge is too biased to preside over
that attorney’s case. Ruling on an appeal in a case where one side
argued a trial court judge should be disqualified because of a
Facebook friendship, the court added that even traditional, IRL
friendship wouldn’t necessarily be disqualifying, because the
nature of friendship is “indeterminate.”

The ruling includes some philosophical
musings on the meaning of friendship. For chief justice Charles
Canady, who writes for the majority, a real friend, “is a person
attached to another person by feelings of affection or esteem.”
Meanwhile, a Facebook friend is a “person digitally connected to
another person by virtue of their Facebook ‘friendship.’” And
a Facebook friendship, he says, “does not objectively signal the
existence of the affection and esteem involved in a traditional
‘friendship.’”…

It’s a “kill or die” game. Probably need a
bit more subtlety. You can help.

Moral
Machine – “From self-driving cars on public roads to
self-piloting reusable rockets landing on self-sailing ships, machine
intelligence is supporting or entirely taking over ever more complex
human activities at an ever increasing pace. The greater autonomy
given machine intelligence in these roles can result in situations
where they have to make autonomous choices involving human life and
limb. This calls for not just a clearer understanding of how humans
make such choices, but also a clearer understanding of how humans
perceive machine intelligence making such choices. Recent scientific
studies on machine ethics have raised awareness about the topic in
the media and public discourse.

This website aims to take the discussion
further, by providing a platform for 1) building a crowd-sourced
picture of human opinion on how machines should make decisions when
faced with moral dilemmas, and 2) crowd-sourcing assembly and
discussion of potential scenarios of moral consequence…”

Monday, November 19, 2018

The more
you say you know about phishing, the more vulnerable you are …
Until you’re hoodwinked

A study in which researchers sent phishing emails
to 1,350 students has yielded a startling find: those who believe
they know how to tell a phishing scam from a genuine email are
actually more susceptible to the attack.

The
study by the University of Maryland, Baltimore County (UMBC)
involved various phishing tests to assess whether any demographic
segments were more susceptible to phishing attacks.

Some interesting things to think about. We
probably do it the same way (without the tea).

They are soldiers,
but the 77th Brigade edit videos, record podcasts and write viral
posts. Welcome to the age of information warfare

… Explaining their work, the soldiers used
phrases I had heard countless times from digital marketers: “key
influencers”, “reach”, “traction”.

… Ever since Nato troops were deployed to the
Baltics in 2017, Russian propaganda has been deployed too, alleging
that Nato soldiers there are rapists, looters, little different from
a hostile occupation. One of the goals of Nato information warfare
was to counter this kind of threat: sharply rebutting damaging
rumours, and producing videos of Nato troops happily working with
Baltic hosts.

Information campaigns such as these are “white”:
openly, avowedly the voice of the British military. But to narrower
audiences, in conflict situations, and when it was understood to be
proportionate and necessary to do so, messaging campaigns could
become, the officer said, “grey” and “black” too.
“Counter-piracy, counter-insurgencies and counter-terrorism,” he
explained. There, the messaging doesn't have to look like it came
from the military and doesn't have to necessarily tell the truth.

Why it matters: The public is
more aware than ever of some of the negative consequences of the
technologies that have changed their lives, which makes Silicon
Valley and social media ripe political and regulatory targets.

Between the lines: This is a rare
topic uniting Republicans, Democrats and Independents…”

… despite the growing presence of algorithms
in many aspects of daily life, a Pew Research Center survey of U.S.
adults finds that the public is frequently skeptical of these tools
when used in various real-life situations.

This skepticism spans several dimensions. At a
broad level, 58% of Americans feel that computer programs will always
reflect some level of human bias – although 40% think these
programs can be designed in a way that is bias-free.

Majorities of Americans find it unacceptable
to use algorithms to make decisions with real-world consequences for
humans

Across age groups, social media users are
comfortable with their data being used to recommend events – but
wary of that data being used for political messaging

To put that in perspective, the five-day kickoff
to the Christmas shopping season that begins on Thursday,
Thanksgiving Day, and runs through the following Monday, known as
Cyber Monday, generated sales of $19.6 billion. And that's for all
of retail. Alibaba's sales figures don't include the sales generated
by other Chinese retailers, such as its biggest rival, JD.com,
which sold $23 billion worth of merchandise (albeit over an 11-day
period, though the bulk came on Singles Day itself).

Put another way, it took Amazon.com
three months to sell $33.7 billion worth of goods in the third
quarter, which also included its best-ever Prime Day event that sold
an estimated $3.4 billion – and that was over 36 hours. Alibaba
generated over $1 billion in gross merchandise value (GMV) in the
first minute and a half and surpassed last year's $25 billion total
in just under 15 hours.

U.S.
cybersecurity experts say hackers impersonating a State Department
official have targeted U.S. government agencies, businesses and think
tanks in an attack that bears similarity to past campaigns linked to
Russia.

The
"spear phishing" attempts began on Wednesday, sending
e-mail messages purported to come from a department public affairs
official.

… The
State Department said: "The Department is aware of the recent
malicious cyber event involving the spoofing (impersonation) of a
Department employee reported by U.S. cybersecurity firm FireEye. No
Department networks were compromised by this malicious
cyber attempt." [The
wording makes me wonder what was
compromised. Bob]

Nothing
really new here. This is the high end of the “Alexa, turn on the
lights” AI spectrum. If I’m not ready to trust a self-driving
car, I’m going to really have to be convinced that some
mini-Terminator can be trusted.

Are
Killer Robots the Future of War? Parsing the Facts on Autonomous
Weapons

… The decision to use a lethal weapon in
battle against combatants has always been a decision made by a human
being. That may soon change. Modern advancements in artificial
intelligence, machine image recognition and robotics have poised some
of the world’s largest militaries on the edge of a new future,
where weapon systems may find and kill people on the battlefield
without human involvement. Russia, China and the United States are
all working on autonomous platforms that pair weapons with sensors
and targeting computers; Britain
and Israel are already using weapons with autonomous
characteristics: missiles and drones that can seek and attack an
adversary’s radar, vehicle or ship without a human command
triggering the immediate decision to fire.

About Me

I live in Centennial, Colorado. (I'm not actually 100 years old, but I hope to be some day.) I'm an independent computer consultant, specializing in solving problems that traditional IT personnel tend to have difficulty with... That includes everything from inventorying hardware & software, to converting systems & data, to training end-users. I particularly enjoy taking on projects that IT has attempted several times before with no success. I also teach at two local Universities: everything from Introduction to Microcomputers through Business Continuity and Security Management. My background includes IT Audit, Computer Security, and a variety of unique IT projects.